Side effects: • Third party control • Registry modification • Steals information

Files

It copies itself to the following location: • %SYSDIR%\arking.exe

It deletes the initially executed copy of itself.

It tries to download some files:

– The location is the following: • http://www.**********dupxc.com/1mg/am.rar It is saved on the local hard drive under: %SYSDIR%\arking0.dll Further investigation pointed out that this file is malware, too.

– The location is the following: • http://www.**********duccf.com/1mg/am1.rar It is saved on the local hard drive under: %SYSDIR%\arking1.dll Further investigation pointed out that this file is malware, too.

Registry

One of the following values is added in order to run the process after reboot: